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ABSTRACT 

Because a right of information privacy is not firmly 
imbedded in constitutional case law, advocates of the concept that 
citizens have the right to control personal information held by 
others turned to Congress. Enacted to regulate the government's use 
of personal information, the Privacy Act of 1974 has failed to work 
in the way intended. Shortly after its passage, the political swing 
away from privacy and toward bureaucratic efficiency revealed the 
Act's structural and conceptual weaknesses. It is suggested that this 
act needs to be redrafted to strengthen its major principle— i.e. , 
that information collected for one purpose „iay not be used for 
another purpose without the individual's consent. It is also 
recommended that information legislation restrict access to personal 
information held by private institutions. Further, it is felt that 
public policy is needed in response to advanced information 
technology that imbnes institutions with the power to instantly 
exchange, compare, verify, profile, and link information in separate 
databases. This report provides guiding principles for drafting 
legislation, and concludes that statutory standards should 
incorporate a balance between the sensitivity of the information at 
stake and the institutional justification or need for the 
information. (SD) 
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Executive Summary 



This paper examines the right of citizens t~ control personal 
information held by others. The right of information privacy is an 
enduring and cherished value in thiscountry, resonating at the heart 
of individual freedom, autonomy, and individuality. Crucial to 
one's sense of "self ' is the right to maintain some decision-making 
power over what information to divulge, to whom, and for what 
purpose. Yet, individuals are increasingly losing control over per- 
sonal information collected, maintained, used, and disseminated by 
both the federal government and private institutions, 

Because a right of information privacy is not firmly embedded 
in constitutional case law, privacy advocates have turned to Con- 
gress. The Privacy Act of 1974, which was enacted to regulate the 
government's use of personal information, has failed to work in the 
way intended by Congress, Shortly after its passage, the political 
swing away from privacy and towards bureaucratic efficiency re- 
vealed the Act's structural and conceptual weaknesses. The Act 
needs to be rewritten to strengthen its major principle — informa- 
tion collected for one purpose may not be used for a different 
purpose without the individual's consent. 

In addition, information privacy legislation is needed to restrict 
access to personal information held by private institutions. Con- 
gress has enacted laws to protect records held by banks, schools, the 
credit industry, cable and video companies, and others, These laws 
serve as precedents for legislation that establishes on a case-by-case 
basis an incremental series of privacy rights in information held by 
the government and private institutions, including protections for 
medical, insurance, personnel, and retail records. Further, public 
policy is needed in response to ad' unced information technology 
that gives institutions the power to instantly exchange, compare, 
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I. INTRODUCTION 



The constitutional right to privacy is, as Justice Brandeis first 
stated, "the right to be left alone— the most comprehensive of rights 
and the right most valued by civilized men." 1 Brandeis' formulation 
has long been the starting point for any discussion of the meanir.g of 
privacy. But what value does privacy hold for us? What does privacy 
look like in the late 1980s? Are we truly able, or even entitled, to live 
certain areas of our lives outside of the public eye? Is privacy still the 
most valued and comprehensive of rights? 

"Who cares about privacy?" 2 National polls document a grow- 
ing public demand for privacy protection. In a 1983 analysis of their 
survey results, Louis Harris and Associates concluded: 

Particularly striking is the pervasiveness of support for 
tough new ground rules governing computers and other 
information technology. Americans are not willing to en- 
dure abuse or misuse of information, and they overwhelm- 
ingly support action to do something about it. This su^ t d 
permeates all subgroups in society and represents a man- 
date for initiatives in public policy. 3 

Most people cherish their right to be abk ^o live certain areas of 
their lives outside of the public eye. 4 Yet today, these same people 
are overwhelmed by institutional demands for information. Crucial 
to one's sense of "self" is the right to maintain some decision-making 
power over what information to divulge, to whom, and for what 
purpose. Although there is broad public support for privacy, indi- 
vidual voices are often scattered and powerless, forcing a reliance on 
organized constituencies. 

The confirmation hearings of Judge Robert Bork to the United 
States Supreme Court brought home the degree to which an 
individual's sense of freedom and identity depends on governmen- 
tal respect for privacy. Voicing this belief, the majority of Senators 
who voted against Judge Bork's confirmation expressed concern 
over Bork's hostile view of the constitutional right to privacy. 

1 



Citizens are losing control of personal, sensitive information as 
government agencies and private institutions escalate the collection 
and exchange of personal information. In 1988, a number of federal 
agencies proposed massive expansions of their information systems 
by linking their records with the separately maintained record 
systems of other agencies. The FBI, for example, proposed enhanc- 
ing its law enforcement efforts by connecting its National Crime 
Information Center (NCIC) to the computerized record systems of 
the Department of Health and Human Services (HHS), the Internal 
Revenue Service (IRS), the Social Security Administration (SSA), 
and the Immigration and Naturalization Service (INS). The Bureau's 
plan was ultimately defeated, in part due to the efforts of privacy 
advocatesand computer security experts who submitted a report to 
the agency recommending that the linkage proposal be abandoned. 5 
However, other proposals may soon be implemented. HHS recently 
announced its plan to link electronically thousands of computers 
containing the prescription records of Medicare beneficiaries in 
pharmacies i Hionwide. HHS claims this new system will stream- 
line the Medicare bureaucracy. 6 

Many have long feared that such coordinated information 
collection would eventually lead to the creation of a national data- 
basecontaining lifetime dossiers on all citizens, held in one centrally 
controlled mainframe computer. However, advanced information 
technology now allows information maintained in completely s ka- 
rate databases to be linked. In a recent study, the Office of Technol- 
ogy Assessment (OTA) concluded that a dt facto national database 
already exists on U.S. citizens. 7 Privacy legislation is necessary to 
respond tothe present rial ity that advanced information technology 
now gives institutions, both public and private, the power to nearly 
instantly exchange, compare, verify, profile, and most importantly, 
link information. 

Technology has overtaken current law, leaving society without 
a new set of social mores to limit and define the extent to which 
advanced technology can be used to know all we can about each 
other The danger is that a watched society is a conformist society, 
one in which people are afraid to act or believe in ways that call 
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the Constitution to grant individuals a right of privacy, based on the 
First Amendment freedom of association and expression, 10 the Fifth 
Amendment privilege against self-incrimination, 11 penumbras of 
thp Bill of Rights and the Ninth Amendment, 12 the Fourteenth 
Amendment's guarantee of "ordered liberty", 13 but principally rooted 
in the Fourth Amendment protection of persons, places, papers, and 
effects against unreasonable searches and seizures. 14 . The primary 
concern of this section is whether there is a constitutional right to 
privacy in personal information held by others and whether restric- 
tions may be placed on personal information held by the govern- 
ment. 

The Fourth Amendment was drafted two hundred years ago to 
curtail the "writs of assistance" used by officials to search door-to- 
door for British tariff law violations. The Framers could not imagine 
today's widespread collection and use of personal information by 
businesses and other institutions or the massive and easily accessed 
body of personal information held by the government. In the 1700s, 
"personal information was difficult to collect, and files were hand- 
written, rarely reproduced and easily lost." 15 However, despite 
major changes in the way individuals handle their papers, the Court 
has been reluctant to extend the reach of the Fourth Amendment to 
protect records from intrusion once they are held by someone else. 

The application of the Fourth Amendment had traditionally 
hinged on property-based notions of liberty that ground peop^s' 
rights in their relationships to particular places, such as the "home- 
as-castle." However, in an early case, Boyd v. United States, the 
c upreme Court brought the Fourth Amendment into the late nine- 
teenth century, reasoning that the founding principles of the Amend- 
ment were broadly worded to. 

apply to all invasions on the part of the government and its 
employees of the sanctity of a man's home and >he privacies 
of his ^ fe. It is not '.he breaking of his doors or the rummag- 
ing of his drawers that constitute the essence of the offense, 
but it is the invasion of his indefensible right of personal 
security, personal liberty and private property. 16 
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The Fourth Amendment the Boyd Court noted, reflects the colonists' 
struggle with the arbitrary power of government. Thus, they cau- 
tioned, "constitutional provisions for the security of property and 
person should be liberally construed. A close and literal construc- 
tion deprives them of half of their efficacy, and leads to a gradual 
depreciation of the right, as if it consisted more in soun^ than in 
substance." 17 The Justices recognized that the Fourth Amendment 
protection of property extends to government intrusions outside 
one's home. 

The Constitution also has been interpreted to extend protection 
to information that implicates both First Amendment and nrivacy 
values. In NAACP v. Alabama," the Court recognized the severe 
chilling effect on First Amendment freedoms that can resu It from the 
unauthorized disclosure of an organization's membership, finding 
damage in the mere revelation of one's personal political beliefs. 

In 1967, the Supreme Court, in ruling that warrantless wiretap- 
ping is unconstitutional held that the Fourth Amendment protects 
people, not places. (Katz v. United States* 9 ) In Katz, the Court set 
forth a standard for determining constitutionally protected "zones 
of privacy" — whether the expectation of privacy in the area to be 
searched outweighs the government's interest in searching that 
area, factoring into this analysis the degree of intrusion involved. 
WiU Katz and preceding cases, the Court developed an interpreta- 
tion of the Fourth Amendment, and the Bill of Rights as a whole, as 
protections not only of tangible property, but also of an individual's 
communications, personality, politics, and thoughts. 

The problem with the Katz formulation is that its relative 
standard — a "reasonable expectation of privacy" — can only 
reflect, not prevent, deterioration in societal respect for privacy. 
Applying this "reasonable expectation" standard, the Court in later 
cases often determined that an individual's privacy had not been 
violated by certain intrusions because society's "expectation of 
privacy" had been persistently lowered by the circumstances of 
modern existence. Many people can no longer claim to reasonably 
expect privacy even in the most intimate activities of their lives. 20 
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privacy he asserted was not reasonable. 24 The Court reached this 
conclusion even though most bank customers probably do have an 
expectation of privacy in these records. 

The Court in Miller applied a flawed principle. Banks maintain 
customer records both as a service to customers and for the barks' 
own recordkeeping purposes. The customer may voluntarily relin- 
quish physical possession of his or her records (or maintain dupli- 
cates) buf clearly does not intend to lose all control over those 
records. 2 " Customer continue to maintain an interest in the records 
of a transaction bee. e those records directly represent the transac- 
tion. As Justice Brendan dissented in the 5-4 opinion ir the Miller 
case: 

A bank customer's reasonable expectation is that, absent a 
compulsion by legal process, the matters he reveals to the 
bank will be utilized by the bank only for internal banking 
purposes. ... [A] depositor reveals many aspects of his 
personal affairs, opinions, habits, associations. Indeed, the 
totality of bank records provides a virtual current biogra- 
phy. . '.Development of photocopying machines, electronic 
computers and other sophisticated instruments have accel- 
erated the ability of government to intrude into~ *eas which 
a person normally chooses to exclude from prying eyes and 
inquisitive minds. Consequently, judicial interpretations of 
the constitutional protection of individual privacy must 
keep pace with the perils created by these new devices. 26 

People do expect that they are enlitled to privacy in their 
financial affairs. Such a right is essential in a modern society. 
Financial records, and other records that reflect what we buy, where 
we travel what we read, who we communicate with, are extensions 
of our selves, regardless of where they are stored. They are Ihe 
papers" explicitly and separately named as protected by the Fourth 
Amendment. Nowhere in the Amendment does it say that one's 
papers must be kept in the home in order to be safe from unwar- 
ranted government intrusion. 
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maintenance of personal information in centralized, computerized 
files rise* to the level of constitutional invasion into an individual's 
privacy. In Whalen v. Roe, 2 " the Court held that a state may maintain 
files containing the names and addresses of all people who lawfully 
obtain prescription drugs. The Court found that although one may 
assert a constitutional privacy right to not disclose personal matters, 
the itate'scentralized file did not pose a "sufficiently grievous threat 
to disclosure." In one sense, Wlialen may be viewed as a positive 
decision because the Court upheld the statute in question on the 
grounds that it incorporated "due process safeguards," such as 
confidentiality and security provisions, to protect against unwar- 
ranted disclosures. 

The Whalen Court asked whether the government's collection of 
personal information posed a threat to privacy, and decided that it 
did: 

We are not unaware of the threat to privacy implicit in the 
accumulation of vast amounts of personal information in 
computerized data banks or other massive government 
files. The collection of taxes, the distribution of welfare and 
social security benefits, the supervision of public health, the 
direction of our Armed Forces, and the enforcement of the 
criminal laws, all require the orderly preservation of great 
quantities of information, much of which is personal in 
character and potentially embarrassing or harmful if dis- 
closed. The right to collect and use such data for public pur- 
poses is typically accompanied by a concomitant statutory 
or regulatory duty to avoid unwarranted disclosures. [We] 
recognize that in some instances that duty arguably has its 

roots in the Constitution Broad dissemination of such 

information, however, would clearly implicate constitu- 
tionally protected rights. . . .[T]he central computer storage 
of the data thus collected. . . vastly increases the potential for 
abuse of that information. 28 
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The Fourth Amendment is elastic enough to apply to privacy 
intrusions created by advances in information technology and pol- 
icy. Because the Court has rigidly refused to expand the scope of the 
Fourth Amendment to explicitly recognize the right to be secure in 
one's persor- 1 papers held by others, privacy advocates have turned 
to Congress to address the issue in legislation. Congress has re- 
sponded by creatirg zones of privacy around certain information, 
and enacting a number of information privacy statutes in direct 
response to Supreme Court decisions. 29 

III. THE CONGRESSIONAL RESPONSE 
A. The Privacy Act of 1974 

Congress has struggled with the problems posed by increasing 
information collection and use, and the development of new infor- 
m?tion technologies that transform the way institutions handle 
information. In the 1960s and early 1970s, Congress held a series of 
hearings on computers, privacy, and the protection of personal 
information ™ Throughout most of the 1960s, Congress considered 
a proposal to create a centralized national data center on all U.S. 
citizens containing information such as Social Security numbers, 
andincomeand censusdata. Backers of the proposal argued that the 
center was necessary to serve the needs of the " welfare state." After 
years of hearings studies, and debates, the national data center was 
overwhelmingly condemned as "Big Brother" government, and a 
threat to individual autonomy, dignity, and liberty. 

At a 1%6 hearing, one Representative expressed fear that a 
centralized federal facility, into which would be "poured informa- 
tion collected from various government agencies and from which 
computers could draw selected facts, . . . could lead to the creation 
of the 'Computerized Man'. . . stripped of his individuality and 
privacy " v At the same hearing, Representative Frank Horton (R- 
NY) extolled the virtuesof ineff iency and bureaucracy: "One of the 
most practical of our present safeguards of privacy is the fragmented 
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nature of present information. It is scattered in little bits and pieces 
acrcss the geography and years of our life. Retrieval is impractical 
and often impossible. A central data bank removes completely this 
safeguard." 32 The plan was abandoned. 33 

It should be noted that one witness at the 1966 hearing on 'The 
Computer and the Invasion of Privacy" warned privacy advocates 
of the dangers of focusing attention on the central data bank issue: 

The problems of tha invasion of privacy are, in my view, 
significant, and they will exist whether or not the central 
computer bank is created by the Government. Individual 
data systems, both public and private, now being devel- 
oped, can be tied together eventually into a network that 
will present essentially the sair e problems .... Today we are 
already building the bits and pieces of separate automated 
information systems *n both the private and government 
sectors that so closely follow the pattern of development to 
the present integrated communications structure that a de 
tacto version of the system you are now pondering is 
already in the construction phase. It is in many ways more 
dangerous than the single data bank now being consid- 
ered. 34 

By 1973, the Watergate scandal contributed to what had become 
a national crisis of faith in government institutions and a heightened 
sensitivity to the unfettered ability of the government to ntrude into 
the personal affcirs of its citizens. In this environment, the pub'ic 
became increasingly concerned about the unhampered collection 
and use of personal records by the government: 

Accelerated data sharing of such personally identifiable in- 
formation among increasing numbers of federal agencies 
through sophisticated automated systems, coupled with 
the recent disclosures of serious abuses of governmental 
authority represented by the collection of personal dossi- 
ers, illegal wiretapping, surveillance of innocent citizens, 
misuse of tax data, and similar types of abuses, have helped 
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4) The right to privacy is a personal and fundamental right 
protected by the Constitution of the United States; and 



5) In order to protect the privacy of individuals identified 
information systems maintained by Federal agencies, it is 
necessary and proper for the Congress to regulate the 
collection, maintenance, use, and dissemination of informa- 
tion by such agencies. 37 

In introducing the Senate veision of the Bill, Senator Sam Ervin 
(D-NC) said: "[T]he appetite of government and private organiza- 
tions for information about individuals threatens to usurp the right 
to privacy which I he. ong felt to be among the most basic of our 
civil liberties as a free people. . . . [T]here must be limits upon what 
the government can know about each of its citizens/' 38 In drafting 
the Privacy Act, Congress sought to block the creation of a national 
data center containing personal information, and curtail the use of 
the Social Security number (SSN) as a uniform national identifier. 
Further, Congress favr.d that ' [i]f the use of the SSN as an identifier 
continues to expand, the incentives to link records and broaden 
access to them are likely to increase." 39 

The purpose of the Act was to "promote accountability, respon- 
sibility, legislative oversight and open government with respect to 
the use of computer technology in the personal information systems 
and databanks of the federal government." 40 The Act was to serve 
as an "Information Bill of Rights" for citizens and a "Code of Fair 
Information Practices" for federal agencies. 

To accomplish these goals, the Act establishes a right of privacy 
in personal information held by federal agencies. With certain 
exceptions, the Act prohibits government agencies from disclosing 
information collected for one purpose for a different purpose with- 
out the individual's consent. Under the Act, citizens have a right of 
access to their records and the opportunity to amend their records 
upon showing that they are not accurate, relevant, timely, or com- 
plete. The Act also limits the use of the Social Security number for 
identification purposes, unless otherwise authorized by law, and 
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prohibits the government from collecting information on the politi- 
cal activities of citizens. Individuals may sue for injunctive relief to 
enforce some of the Act's provisions, and damages may be awarded 
by proving that harm occurred as the result of a willful or intentional 
agency violation of privacy. 

The Privacy Act reflects a compromise between very different 
House and Senate passed bills. The Senate bill created a Privacy 
Board with oversight powers. The House bill, supported by the Ford 
Administration, emphasized access to and correction of records. In 
the final negotiations, many of the stronger Senate provisions were 
dropped. 

Despite the good intentions and clear objectives of its drafters, 
the Privacy Act has fallen far short of achieving many of its original 
goals, at best serving as a procedural hoop-jump for federal agen- 
cies. A number of factors have severely undermined the Act's 
effectiveness, including flaws in the Act itself, administrative inter- 
pretation, and lack of enforcement. The basic principles of the 
Privacy Act have failed to limit significantly the government's use of 
personal information. In fact, agencies have escalated the collection 
and dissemination of personal information. 41 

For instance, Congress' original intent in enacting the Privacy 
Act /vasthwartedby the government's interpretation of the "routine 
use ' exemption, which allows agencies to disclose personal infor- 
mation if the disclosure is compatible with the purpose for which it 
was collected. 42 Government officials have interpreted the exemp- 
tion to allow the computerized matching of separate agency record 
systems, arguing that detecting waste, fraud, and abuse in govern- 
ment programs is a legitimate government interest, and is thus 
compatible with any original purpose for which records were col- 
lected. 4 ' 

The legislati ve history of the Act, though, makes it clear that the 
routine use exemption was intended to facilitate the exchange of 
information for "housekeeping measures," such as completing payroll 
checks. The purpose of the exemption was to "discourage the 
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unnecessary exchange of information to another person or to agen- 
cies who may not be as sensitive tc the collecting agency's reasons 
for using and interpreting the material." 44 A witness at a recent con- 
gressional hearing on computer matching testified that the "routine 
use provision is so big an exemption that you could drive a truck 
through it." 45 

The government's sweeping interpretation of the exemption 
contradicts the Act's core provision — that, as a general matter, 
information collect ed for one purpose may not be used for a different 
purpose without the individual's consent. 

Debate over the Act's routine use exemption began in 1977 
whentheCarter Administration instituted "Project Match," a scheme 
to use computers to compare the Department of Health, Education, 
and Welfare's (HEW) list of welfare recipients with the Civil Service 
Commission and the Defense Department federal payroll files in 
eighteen states. This proposed matching of computerized lists 
sparked a heated feud between those who viewed matching as an 
important investigative and auditing tool, and those who believed 
that the matching of records violated the Privacy Act and intruded 
on individual liberties. 

Mary agency officials cited the Act's routine use exemption to 
justify extensive, inter-agency matching. However, a literal reading 
of the exemption does not appear to permit matching. In a 1 977 letter 
to HEW, the Civil Service Commission's General Counsel opposed 
"Project Match" on the grounds that the matching of disparate 
records violated the Privacy Act. He argued: "Although the literal 
terms of [the exemption] obviously can not be followed with preci- 
sion in practical application to agency operations, it is evident that 
this information on employees was not collected with a view toward 
detecting welfare abuses." 46 The Commission's cornspl went fur- 
ther: 

At the matching stage there is no indication whatsoever 
that a violation or potential violation of law has occurred... 
It cannot fairly be said . . . that disclosure of information 
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about a particular individual at this preliminary stage is 
justified by any degree of probability that a violation or 
potential violation of law has occurred. 47 

The corrputer matching proponents prevailed. "Project Match" 
went forward a ,d touched off widespread computer matching 
within the federal government. 48 The outcome of this debate marked 
the political swing away from privacy and towards bureaucratic ef- 
ficiency and revealed the Privacy Act's structural and conceptual 
weaknesses. 

The Privacy Act a'.so prohibits a local, state, or federal agency 
from requiring an individual's Social Security number asacondition 
of receiving services or benefits, unless this is authorized by law. 49 
The drafters were concerned that the Social Security number was on 
its way to becoming a national identifier, and would be used as the 
uniform identifier in linking separate records systems. Yet, Con- 
gress has since not only authorized the use of the number, but 
mandated it. The most striking example is the 1986 Tax Reform Act 
provision requiring all children over the age of five claimed as 
dependents on tax returns to have a Social Security number.™ 

To make matters worse, it is extremely difficult for individuals 
harmed by violations of the Act to bring suit under the Act. The Act's 
lack of both a broad injunctive relief and liquidated damages provi- 
sion prevent meaningful litigation of the Act's intent and applica- 
tion. Privacy violations often result in intangible harm to individu- 
als, making it very difficult to prove actual danv.ges as required bv 
the Act." M 1 J 

In 197?,at the height of the initial controversy over the legality 
of computer notching, the Privacy Protection Study Commission, 
charged with studying the issues raised by the Privacy Act and 
recommending future legislation, issued its report: Personal Privacy 
in an Information A$e." 2 The Commission was created by the Privacy 
Act in a provision adopted during final negotiations and accepted as 
less controversial than creating an Executive branch oversight 
agency. 
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The Commission's report recommended that the Privacy Act be 
more vigorously enforced, and suggested a number ways to make 
the Act more effective. The Ac*, the Commission found, "has not 
resulted in the general benefits to the public that either its legislative 
history or the prevailing opinion as to its accomplishments would 
lead one to expect." 53 The report included a proposed revision of the 
Act that clarified ambiguities, provided individuals with broader 
remedies, and tightened the "routine use" exemption. The Commis- 
sion found that the exemption had "unintended effects," and had 
been "applied loosely and exclusively from the agency's point of 
view." 54 It is important to note that these recommendations were 
published prior to the entrenched institutionalization of computer 
matching. The Commission also recommended that Congress pass 
additional information privacy legislation to protect information 
held in private sector databases. 

Some privacy advocates blame the Act's failure on Congress' 
failure to create a federal privacy oversight agency to implement the 
law. The drafters of the Act did delegate oversight and guidance 
responsibilities to the Office of Management and Budget (OMB). 
However, the Privacy Commission, in its report, found that "neither 
OMB nor any of the other agencies. . . ha ve played an aggressive role 
in making sure that the agencies are equipped to comply with the 

Act and are, in fact, doing so [M]uch of the early momentum 

appears to have been lost." 55 By 1983, the general consensus among 
privacy advocates was that OMB had "virtually abdicated respon- 
sibility" 56 for enforcing and overseeing the Act. 

The Privacy Act is now viewed as a law that requires agencies 
merely lo notify individuals before using personal records for a 
purpose different from that for which they werp collected. Notice 
has become synonymous with consent. Under the Act, individual 
control over personal information is illusory. As Representative 
Glenn English (D-OK) remarked during 1983 Privacy Act overs ; ght 
hearings: 

One of my chief concerns is that the bureaucracy, with the 
approval of OMB, has drained much of the substance out of 
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the Act. As a result, the Privacy Act tends to be viewed as 
strictly a procedural statute. For example, agencies feel free 
to disclose personal information to anyone as long as the 
proper notices have been published in the Federal Register. 
No one seems to consider any more whether the Privacy / ct 
prohibits a particular use of information. 57 

The Act's core principles gave way under pressure from the 
"rise of the computer state/' 58 which provided the government with 
a hard-to-resist temptation to shift its emphasis away frori giving 
individuals some control over personal information to fostering a 
system of nearly unrestrained collection and use. The political 
pendulum swung away from protecting privacy and fostering gov- 
ernment accountability and towards improving bureaucratic effi- 
ciency. Today, the official presumption appears to br the more the 
government knows about you, the better. 

A recent development in government efficiency is the use of a 
technique called "front-end verification." This technique allows 
government officials to verify information electronically by match- 
ing records on a case-by-case basis at the time an individual applies 
for benefits; i.e., at the "front end." For bureaucrats, the appeal of 
front-end verification is that it reduces benefit payment errors; non- 
eligibility is detected before, rather than after, an individual has 
received any benefits. Some argue that this process is less of a 
privacy intrusion than traditional matching because it involves a 
srarch through a particular person's files rather than a massive 
seprch or "fishing expedition." However, the unchecked growth of 
veiification systems linking various databases of personal informa- 
tion on every citizen poses a serious danger to individual d utonomy 
and privacy. 

The success of front-end verification depends on systems that 
provide rapid access to complete and accurate information. The 
threat is thus the same as in computer matching — concern for 
efficiency presses for the aggregation and linkage of multiple agency 
data bases to create a de facto national data base on all citizens. In fact, 
an FBI Advisory Policy Board recently proposed providing the 
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bureau access to the record systems of the Department of Health 
and Human Services- the Internal Revenue Service, the Social Secu- 
rity Administration, and the Immigration and Naturalization Serv- 
ice. For now, the Bureau's attempt to create a federal agency clear- 
inghouse of information for use by the law enforcement community 
has been defeated. 59 

Despite the long-standing concerns of Congre^ and privacy 
advocates about the government's attempt to establish a national 
data center, it appears that a de facto national data base already exists, 
sustained by on-line linkages that allow information to be stored in 
decentralized form, but instantly assembled at the press of a button. 
A crucial element in this data base linkage is the use of one form of 
identification, most often the Social Security number. 

Congress has encouraged this development by enacting legis- 
lation that undermines the Privacy Act's original principles, allow- 
ing greater information collection and exchange through the man- 
dated linkage and comparison of personal information held in 
separate data bases, and requiring the use of the Social Security 
number to facilitate this process. For instance, in establishing the 
Income Eligibility Verification System (IEVS) in the Deficit Reduc- 
tion Act of 1984, Congress authorized the use of the Social Security 
number for all needs-based programs to make possible the accurate 
identification of applicants and to permit the computerized retrieval 
of information on applicants in discrete data bases containing infor- 
mation on wage, pension, unemployment insurance, and other 
income data, including unearned income from Internal Revenue 
Service (IRS) files. 60 

In addition, the Tax Reform Act of 1986 includes a provision 
requiring all children over the age of five who are claimed as 
dependents on a tax return to have a Social Security number. 61 The 
stated reason for this sweeping requirement is to catch non-custo- 
dial parents who clain their children as dependents. Although tax 
fraud is a legitimate government problem, this provision reflects 
Congress' current unwillingness to address the threat posed by a 
national identification system that numbers all individuals for 
government record-keeping purposes. 62 
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Front-end verification— and the systems needed to sustain it- 
pose the grave problem of greater collection of and access to per- 
sonal information, resulting in the ultimate loss of individual con- 
trol, autonomy, and dignity. It is not only the danger of being "just 
a number" that is of concern here, but also providing the govern- 
ment and private institutions the ability to track and profile us from 
birth to death, creating what Arthur Miller termed a "womb-to- 
tomb dossier." 63 

Despite its apparent abandonment of privacy as a primary goal 
of federal policy, in 1988 Congiess enacted the first significant 
amendment to the Privacy Act. The Computer Matching and Pri- 
vacy Protection Act of 1988 64 brings the computerized matching of 
records under the wing of the Act. Under the new law, matching is 
no longer treated as a "routine use" of personal records held by 
federal agencies The Act prohibits agencies from taking any adverse 
action against an individual based on a match until the results have 
been independently verified. Before conducting a match, agencies 
must now enter into written agreements specifying the purpose of 
the match, the records to be matched, and a cost/benefit analysis of 
the match The legislation does not limit in any way the content or 
types of records that can be matched, but does create an important 
procedural framework of more adequate notice to individuals, the 
right to a hearing before benefits are cut off or denied, and manda- 
tory reporting requirements for agencies that match records. 



B. Protecting Personal Records Held By Private Institutions 

In the last eighteen years, Congress has made substantial prog- 
ress in legislation regulating government and private access to 
privately held personal information. 

— In 1970, Congress passed the Fair Credit Reporting Act, 65 
prohibiting credit and investigation reporting agencies that collect, 
store, and sell information on consumers' credit worthiness rrom 
disclosing records to anyone other than authorized customers. The 
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Act requires the agencies to allow consumers .0 review their own 
records and correct inaccurate information. The legislation created 
a legal framework in which the reporting companies could operate, 
and was passed in response to the public's growing awareness and 
concern about personal information maintained by credit reporting 
bureaus. 

— Four years later, the Family Educational Rights and Privacy 
Act 66 was passed, limiting disclosure of educational records to third 
parties. The law requires schools and colleges to let students see 
their records and challenge and correct inaccurate information in 
their records. 

— In 1978, Congress passed the Right to Financial Privacy Act, 67 
in response to the Supreme Court's decision on the privacy of bank 
records in the Miller case and in direct response to the Privacy 
Protection Study Commission's recommendation that Miller be 
superceded by remedial legislation. Congress strengthened the 
Privacy Act's "consent" principle by creating a statutory Fourth 
Amendment protection for bank records. The Right to Financial 
Privacy Act includes a minimum due process standard, and a court 
order provision that requires law enforcement to meet a standard of 
relevance before records can be released. The Act is the result of a 
haid-won compromise between the civil liberties community, bank- 
ers, the Department cf Justice, and Congress. 

— In 1980, Congress passed the Privacy Protection Act 68 to 
prohibit the government from searching press offices without a 
warrant if no one in the office is suspected of committing a crime. 

— In 1 982, Congress passed the Debi Collection Act 69 requiring 
federal agencies to provide individuals with due \ rocess protections 
before an individual's federal dibt information may be referred to a 
private credit bureau. 




—In 1984, Congress enacted the Cable Communications Policy 
Act to safeguard the confidentiality of interactive cable television 
subscriber records. The Act includes the highest court order stan- 
dard ever enacted that must be met by law enforcement lefore 
subscriber records can be disclosed. The Act requires that cable 
subscription records may only be disclosed pursuant to a court order 
that shows by "clear and convincing evidence that the subject of the 
information is reasonably suspected of engaging in criminal activity 
and that the information sought tvould be material evidence in the 
case." Further, the individual must have the opportunity to chal- 
lenge the court order before the records are disclosed. 70 

— In 1983, the Electronic Communications Privacy Act (ECPA) 
was passed, amending the Wiretap Law to cover the interception of 
non-aural communications. Under the Act, law enforcement offi- 
cials may not obtain information held by a data communications 
company, such as MCI, without a warrant that meets the probable 
cause standard. ECPA also overturns the Supreme Court's ruling in 
Smith v. Maryland that telephone toll records are not private. Under 
ECPA, law enforcement officials must show there is "reason to 
believe the contents of a wire or electronic communication, or the 
records or other information sought, are relevant to a legitimate law 
enforcement inquiry," before obtaining access to transactional data 
such as telephone toll records. ECPA represents a recognition of the 
need to protect information regardless of the technological advance^ 
that have shaped its use. 

— The Video Privacy Protection Act of 1988, passed at the end 
of the 100th Congress, includes a strong court order standard 
modeled on the Cable Act. Videocassette rental records, like cable 
subscriber records, can reveal information about individual prefer- 
ences and political beliefs. Congress has been quick to create strong 
protections in such areas where First and Fourth Amendment con- 
cerns intersect. 71 

These recent laws reflect Congress 7 willingness to fashion strict 
disclosure stanu w ids for sensiti/e information held by private insti- 
tutions. Implicit in these new law* is a legislative recogrUion that 
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expectations of privacy can be created and enforced- a particularly 
crucial recognition in an age in which information practices continue 
^oTour constitutionally protected "reasonable" expectations. 

IV. PROPOSALS FOR THE FUTURE 
A. The Rewrite of the Privacy Act 

There is a genera', consensus that the Privacy Act of 1974 is 
ineffective, obsolete, and needs to be rewritten.- Neither the ab- 
sence of a vigorous privacy protection commission nor scattered, 
weak implementation by OMB can be bu rned exclusively for the 
law's failure. At this stage, the emphasis si ould be on rewriting to 
Privacy Act. A privacy oversight agency without s rong clear 
provisions to enforce, would continue to be a political tool in the 
hands of changing administrations. 73 

Only enforceable limits on what personal information can be 
collected and how it can be used can give individuals meaningful 
control over the information they divulge in exchange for receiving 
benefits and services from the government. The Act currently lacks 
such substantive limits. 

In addition, much of the Act has been rendered obsolete by 
advances in information technology and the drive to adopt new 
technological capacities for data collection and consolidation. Re- 
cent statutes take into account more modem techniques of intrusion, 
but, on the whole, privacy legislation has not effectively erected 
barriers around information. Instead, the Privacy Act and the bulk 
ofinformationprivacystatutesaimedatinformationheldby private 

institutions, require only that a series of procedura maneuvers be 
completed before an agency or institution can divulge records. 

Due process safeguards are more than just good "data use 
manners," and may be genuinely protective in some instances, but 
more is needed rotect individuals. Notice and consent proce- 
dures are not % enough protection for personal »fora»tion in 
the control of . ft .vemment; the government's collection and use of 
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»f2LX Vu T tt0n y S "? " f0r tax ' census ' and P« blic benefit 
purposes, should be limited, and even, in some cases, prohibited. Such 
limits are necessary to give individuals meaningful control over 
mformahon about themselves; to grant people the right to control 
what the government (and others) may know about their lives. 

The law should be redrafted to strengthen the Act's fundamen- 
hPvHuJ S/ . g,Ving individuak control over information 

and * n g ° Vemment aeencies eith *r by law (i.e. for census 
and tax purposes) or as a condition of receiving government benefits 
or services. Government agencies should be authorized to collect 
only information that is necessary and relevant to their particular 
purpose. Agencies must inform individuals of the reasons why 
personal information is being collected and for what purposes it will 
be used. An individual must have the right to challenge a particular 
collection or use either through administrative or court action. The 

M\Z\,f T 1 ? indudeS 3n 3dequate P rocedure for a S e ™*> to 
SvesTigatlon 6 * ^ PU ™ t0 8 laW ^rcement 

In Edition the Act's "routine use" exemption must be re- 
vamped so that the law will work as intended . A clear and restrictive 
definition of routine use must be added to the statute clarifying that 
disclosure for a routine use must be consistent with the orfeinal 
purpose for which the information was initially collected. Individu- 
als must have the right to challenge a proposed routine use on the 
grounds that it is not consistent with the purpose for which the 
information was originally collected. Routine use disclosures under 
this definition must be benign and not for the purpose of taking 
adverse action against an individual. 

Th e Privacy Act needs a new remedy section that provides both 
liquidated damages and injunctive relief for any aggrieved individ- 
ual. Currently, an indiviual may not sue under the Act unless he or 
«■ Ca " P™^™ 11 ™ 1 ^d intentional misconduct by an agency 

h ™ ^ U3lS T St be ?ble 10 C0llect damaees ^ intangible 
harms caused by violations of the Act. 



24 



B. Information Privacy Policy Initiates 
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For the future, privacy advocates must push for policy initia- 
tives to protect medical, insurance, personnel, and retail records as 
well as personal information held by the government. The policy 
goal is the creation of federal statutory rights of information privacy, 
tailoring standards that incorporate a balance between the sensitiv- 
ity of the information at stake and the institutional justification or 
need for the information— the more sensitive the information, the 
more compelling the need must be for its collection and the higher 
the standard must be for its disclcuie to others. 

The guiding principles in drafting legislation should be: 

1) Information collected for one purpose should not be 
used for a different purpose without the individual's con- 
sent. Any unauthorized use of the information must give 
rise to an enforcement action by the harmed individual. The 
goal is to create legislatively mandated expectations of pri- 
vacy in information. 

2) Policy should be developed with an eye towards new 
advances in information technology and telecommunica- 
tions. It may not be possible to anticipate every advance, but 
the law should be elastic enough to apply to information 
regardless of whether it is in electronic or manual form. In 
this way, the numbing cliche that technology is constantly 
outpacing the law may be overcome. 

3) Legal limits should be placed on the collection and use 
of sensitive information— the more sensitive the infor- 
mation, the more rigorous the disclosure standard. Per- 
sonal information, such as census data and certain medical 
records, should never be disclosed for any purpose, whereas 
less sensitive records might be available for legal proceed- 
ings. For sensitive information, law enforcement officials 
must demonstrate probable cause or reasonable suspicion 
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to believe a crime has been committed and that the informa- 
tion they seek relates to that crime. Individuals must receive 
notice before a court-ordered disclosure, and have an op- 
portunity to challenge the disclosure. 

4) Individuals must be provided w» a easy access to then- 
records, including access to computerized records, for the 
purpose of copying, correcting, or completing informa- 
tion in the records. Computer technology should allow in- 
diviuals on-line access to their records. 74 Legislation should 
mandate an access procedure, and require that information 
be kept accurate, complete, and up-to-date. Records that 
are no longer relevant for the purpose for which they were 
collected should be destroyed. 

5) Exemptions for non-disclosure should be clearly justi- 
fied and narrowly tailored to suit the requestor's need. Ex- 
emptions should explicitly define the intended scope of the 
allowable disclosure to avoid expansion or misinterpreta- 
tion of the provision. 

6) Legislation should include enforcement mechanisms, 
such as injunctive relief, civil damages, criminal penal- 
ties, and reimbursement of attornejr's fees and costs. By 
putting teeth into information privacy legislation, indi- 
viduals will be able to enforce the law and seek redress for 
violation of their privacy rights. Injunctive relief can pre- 
vent damage before it occurs, damages can compensate 
aggrieved individuals, and criminal penalties can punish 
those who violate the law. In addition, these individual 
enforcement mechanisms can be buttressed by institutional 
enforcement and oversight, such as by the promulgation of 
implementation guidelines, giving Privacy Act officers in 
each agency greater enforcement powers, and strengthen- 
ing congressional oversight. Each of these enforcement 
mechanisms will deter unauthorized information gather- 
ing and exchange. 
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Momentum exists for building on recent successes to press for 
new information privacy initiatives. Work should continue towards 
the passage of laws that incorporate standards tailored to the sensi- 
tivity of the information involved. 

V. CONCLUSION 

Our right to privacy dwindles each year, giving way under the 
tremendous institutional pressure to collect and use information. 
The push for strong laws to protect information privacy is not a 
partisan issue. As stated in the 1980 Republican Party Platform: 

Government in recent years, particularly at the Federal 
level, has overwhelmed citizens with demands for personal 
information and has accumulated vast amounts of such 
data through the IRS, the Social Security Administration, 
the Bureau of the Census, and other agencies. Under certain 
limited circumstances, such information can serve legiti- 
mate societal interests, but there must be protection against 
abuse. . . We are alarmed by Washington's growing collec- 
tion and dissemination of such data. There must be protec- 
tion against its misuse and disclosure. 

The momentum to protect personal information held by fed- 
eral agencies, sparked by years of hearings, privacy abuses and 
culminating in the Watergate scandal, was maintained long enough 
for Congress to pass the Privacy Act of 1974. In addition, Congress 
has responded to the pressing need to protect personal information 
maintained by private institutions. Privacy advocates must con- 
tinue to seize upon such targets of opportunity to heighten public 
awareness about the need for privacy legislation. Advances in 
information technology create legislative opportunities. Again, the 
Department of Health and Human Services is moving forward with 
a plan to link computers in 52,000 pharmacies nationwide to central- 
ize, exchange, and audit " ^formation on Medicare beneficiaries. The 
FBI is proposing a massive expansion of its central computer system. 
These proposals all pose serious threats to individual privacy. 
Privacy advocates must inject their voices into the planning process 
to create a forum for debate on information and individual privacy. 
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